1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.security.authentication;
15
16 import java.io.IOException;
17
18 import javax.servlet.ServletRequest;
19 import javax.servlet.ServletResponse;
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22
23 import org.eclipse.jetty.http.HttpHeaders;
24 import org.eclipse.jetty.http.security.Constraint;
25 import org.eclipse.jetty.security.ServerAuthException;
26 import org.eclipse.jetty.security.UserAuthentication;
27 import org.eclipse.jetty.server.Authentication;
28 import org.eclipse.jetty.server.UserIdentity;
29 import org.eclipse.jetty.server.Authentication.User;
30 import org.eclipse.jetty.util.B64Code;
31 import org.eclipse.jetty.util.StringUtil;
32
33
34
35
36 public class BasicAuthenticator extends LoginAuthenticator
37 {
38
39 public BasicAuthenticator()
40 {
41 }
42
43
44
45
46
47 public String getAuthMethod()
48 {
49 return Constraint.__BASIC_AUTH;
50 }
51
52
53
54
55
56 public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
57 {
58 HttpServletRequest request = (HttpServletRequest)req;
59 HttpServletResponse response = (HttpServletResponse)res;
60 String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);
61
62 try
63 {
64 if (!mandatory)
65 return _deferred;
66
67 if (credentials != null)
68 {
69 int space=credentials.indexOf(' ');
70 if (space>0)
71 {
72 String method=credentials.substring(0,space);
73 if ("basic".equalsIgnoreCase(method))
74 {
75 credentials = credentials.substring(space+1);
76 credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
77 int i = credentials.indexOf(':');
78 if (i>0)
79 {
80 String username = credentials.substring(0,i);
81 String password = credentials.substring(i+1);
82
83 UserIdentity user = _loginService.login(username,password);
84 if (user!=null)
85 {
86 renewSessionOnAuthentication(request,response);
87 return new UserAuthentication(getAuthMethod(),user);
88 }
89 }
90 }
91 }
92 }
93
94 if (_deferred.isDeferred(response))
95 return Authentication.UNAUTHENTICATED;
96
97 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
98 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
99 return Authentication.SEND_CONTINUE;
100 }
101 catch (IOException e)
102 {
103 throw new ServerAuthException(e);
104 }
105 }
106
107 public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
108 {
109 return true;
110 }
111
112 }